I'm not sure if it's just an example for the question, or how you are actually writing your code, but if it's the latter, the mysql_real_escape_string() function is the wrong tool for the job. If you want to strip the slashes from a string, you should consider using stripslashes().

Please note that the mysql_real_escape_string function is for escaping data before entry into a MySQL database and that if you are working with MySQL databases, you should really use the mysqli extension instead. If you want to escape data before displaying in HTML, consider using htmlspecialchars() and html_entities().

Imagine every function you call like a tender balloon of different material and imagine the parameters you pass to it like objects dumped in the balloon. Some balloons can be popped by sharp objects, so you need to wrap them with cotton. Some balloons can be popped by hot objects, so you must first cool them.

To step back from the metaphor: You must escape every datum you pass to certain functions, and different functions have different means to do so. You must not escape the data twice hoping that it will make it ready for using in two of these functions. Instead, use different copies of the data, escaping each one in its special way before giving it to a dangerous function.

The two most dangerous functions are database queries, mysql_query in your case, and HTML output - echo, print and <?=$var?>. There are others, and the best way to learn is to read the documentation on each function you use and check for possible security concerns.

For mysql_query, you mostly use mysql_real_escape_string. Read the article on SQL injection in my sig on when you need other things to use.

For HTML output, htmlspecialchars(), but there's a trick to it.

The problem with htmlspecialchars() is that it is insecure by default. There are many things, security-wise, that PHP developers have screwed up and this is among the top. You must always call it with ENT_QUOTES as a second parameter, and the correct encoding as the third.
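An added example, not part of the original posts, showing the two points above: htmlspecialchars() with and without ENT_QUOTES in a single-quoted attribute, and what happens when one escaped copy is reused for a second context. The sample input, the helper name h() and the use of addslashes() as a stand-in for the SQL-side escaping are assumptions made for this sketch.

```php
<?php
// Constructed sample input (not from the thread).
$raw = "O'Reilly <b>\"books\"</b>";

// h() is a hypothetical helper name: HTML-escape with explicit
// flags and encoding, as the post above recommends.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// ENT_COMPAT was the default flag before PHP 8.1. It converts double
// quotes but leaves single quotes untouched, so a value placed inside
// a single-quoted attribute can end the attribute early.
$compat = htmlspecialchars($raw, ENT_COMPAT, 'UTF-8');
$quotes = h($raw);

echo "ENT_COMPAT: <input value='{$compat}'>\n";
echo "ENT_QUOTES: <input value='{$quotes}'>\n";

// Separate copies per context. addslashes() only stands in for the
// database escaping here, because mysql_real_escape_string() needs a
// live connection; with a real database, use that connection's own
// escaping function instead.
$forSql  = addslashes($raw); // copy destined for the query string
$forHtml = h($raw);          // copy destined for the page

// Mistake: sending the SQL-escaped copy to the browser. The
// backslashes become part of what the user sees, which is the
// "stray slashes" symptom the question started from.
$reused = h($forSql);

echo "Correct HTML copy: {$forHtml}\n";
echo "Reused SQL copy:   {$reused}\n";

// The raw value is never overwritten, so each sink gets its own
// freshly escaped copy.
var_dump($raw !== $forSql, $forHtml !== $reused);
```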
